CVE-2020-1779

Summary

When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x version 8.0.3 and prior versions.

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRSTicketForms6.0.x <= 6.0.40affected
OTRS AGOTRSTicketForms7.0.x <= 7.0.29affected
OTRS AGOTRSTicketForms8.0.x <= 8.0.3affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References